CVE-2023-25654

baserCMS File Uploader Remote Code Execution (RCE) vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-02-09 CVE Reserved
2023-03-23 CVE Published
2024-08-02 CVE Updated
2024-11-11 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

References (5)

URL	Tag	Source
https://github.com/baserproject/basercms/releases/tag/basercms-4.7.5	Release Notes
https://github.com/baserproject/basercms/security/advisories/GHSA-h4cc-fxpp-pgw9	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/baserproject/basercms/commit/002886be0998c74c386e04f0b43688a8a45d7a96	2023-03-28
https://github.com/baserproject/basercms/commit/08247f0a633d8e836ce2e5cd2d53aa19901a1359	2023-03-28
https://github.com/baserproject/basercms/commit/60f83054d8131b0ace60716cec7e629b5eb3a8f0	2023-03-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Basercms Search vendor "Basercms"		Basercms Search vendor "Basercms" for product "Basercms"				< 4.7.5 Search vendor "Basercms" for product "Basercms" and version " < 4.7.5"		-		Affected